Hi,
we have decided to postpone the transition to apache2 2.4. The main blocker is
that mod_perl needs a major new upstream release which very likely won't be
ready in time for Wheezy and we don't want to release Wheezy without mod_perl.
The transition will probably happen shortly after the
; urgency=high
+
+ * Non-maintainer upload by the security-team.
+ * CVE-2008-5519: Fix information disclosure vulnerability when clients
+abort connection before sending POST body (closes: #523054).
+
+ -- Stefan Fritsch s...@debian.org Sat, 30 May 2009 15:49:20 +0200
+
libapache-mod-jk (1
Package: tomcat5
Version: 5.0.30-12
Severity: normal
Tags: security
A vulnerability has been found in Tomcat:
CVE-2007-1858:
The default SSL cipher configuration in Apache Tomcat 4.1.28 through 4.1.31,
5.0.0 through 5.0.30, and 5.5.0 through 5.5.17 uses certain insecure ciphers,
including the
Package: libswt3.2-gtk-jni
Version: 3.2.1-5
Severity: serious
The following packages are BROKEN:
libswt3.2-gtk-jni
The following packages will be upgraded:
eclipse eclipse-jdt eclipse-jdt-gcj eclipse-pde eclipse-pde-gcj
eclipse-platform eclipse-platform-gcj eclipse-rcp
eclipse-rcp-gcj
Changing debian/patches/04_build_manifest.patch to the attached patch
allows the package to build. But I have not tested the resulting package.
--- build.xml.old 2005-08-21 11:08:56.0 +0200
+++ build.xml 2005-08-21 11:09:13.0 +0200
@@ -47,7 +47,7 @@
/target
target
A NMU should be uploaded with the attached patch.
diff -u libdtdparser-java-1.21a/debian/patches/04_build_manifest.patch
libdtdparser-java-1.21a/debian/patches/04_build_manifest.patch
--- libdtdparser-java-1.21a/debian/patches/04_build_manifest.patch
+++
Package: jetty
Version: 5.1.10-2
Severity: grave
Tags: security
Some security issues have been found in jetty 6:
CVE-2006-2759:
jetty 6.0.x (jetty6) beta16 allows remote attackers to read
arbitrary script source code via a capital P in the .jsp extension,
and probably other mixed case
Hi,
some security issues have been found in jetty 6. Please check whether
these issues affect jetty in Debian. Maybe CVE-2006-2758 has been
fixed in 5.1.10-1?
Thanks for your help.
Cheers,
Stefan
==
Name: CVE-2006-2758
Status: Candidate
8 matches
Mail list logo